General

  • Target

    8ab6123d019139707e6107393ae3fe5753de7ab35b0250ab0f5db31d60c6cadb

  • Size

    708KB

  • Sample

    230504-p1l44acd84

  • MD5

    35f0ff951ea9264ff3a0aeed813c1672

  • SHA1

    0aaf5996952b3e6d7029ae81bc2f719dbbe6be4b

  • SHA256

    8ab6123d019139707e6107393ae3fe5753de7ab35b0250ab0f5db31d60c6cadb

  • SHA512

    877a1890df255ff50f6af07b88b5abc765c4621957a928aaaa03de12c0b7276dc180877cb64ac0e1159414c03359a89fa86114f8ff523c33f287fbd8b01706eb

  • SSDEEP

    12288:LMrR9y902CjpDLlHAcL8jVcvxSjYecN6eXTj73cojwU5hiKPfUlY3QAKy:ky2nlHfLaVQE8OeXTjTcojwUX3H33Q1y

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks